
Sunday, 27 July 2014

What is JSESSIONID in J2EE Web application - JSP Servlet?


JSESSIONID is a cookie generated by a Servlet container such as Tomcat or Jetty and used for session management in J2EE web applications over the HTTP protocol. Since HTTP is a stateless protocol, there is no way for the web server to relate two separate requests coming from the same client; session management is the process of tracking a user session using techniques such as cookies and URL rewriting. If the web server uses cookies for session management, it creates and sends the JSESSIONID cookie to the client, and the client then sends it back to the server in subsequent HTTP requests.

When is JSESSIONID created in a Web application?


  • In a Java J2EE application, the container is responsible for session management and uses cookies by default.
  • If the user request is served by a Servlet, then the session is created by calling the request.getSession(true) method. It accepts a boolean parameter which instructs it to create a session if one does not already exist. If you call request.getSession(false), it will either return null if no session is associated with this user or return the associated HttpSession object.
  • If the HTTP request is for a JSP page, then the container automatically creates a new session with a JSESSIONID, unless this feature is explicitly disabled by using the page directive <%@ page session="false" %>.
  • Once the session is created, the container sends the JSESSIONID cookie in the response to the client. In case of HTML access, no user session is created. If the client has disabled cookies, then the container uses URL rewriting for managing the session, in which the jsessionid is appended to the URL as shown below:
  •  Ex. - https://localhost:8443/supermart/login.htm;jsessionid=1A530637289A03B07199A44E8D531427
  • When the HTTP session is invalidated (by calling invalidate()), mostly when the user logs off, the old JSESSIONID is destroyed and a new JSESSIONID is created when the user logs in again.
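
The lifecycle in the list above, as an added example that is not code from the original post: one servlet that reads the session with getSession(false), creates it with getSession(true) at login, and invalidates it at logout. It assumes the javax.servlet API (Servlet 3.0 or later for @WebServlet); the class name, the /session-demo URL, the action and username parameters and the "user" attribute are hypothetical.

```java
import java.io.IOException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: class name, URL pattern and the "user" attribute are hypothetical.
@WebServlet("/session-demo")
public class SessionDemoServlet extends HttpServlet {

    // GET: report the session state without creating a session as a side effect.
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        resp.setContentType("text/plain");
        HttpSession session = req.getSession(false);   // null if no session exists yet
        if (session == null) {
            resp.getWriter().println("no session: no JSESSIONID has been issued");
            return;
        }
        // The session id itself is deliberately not echoed back to the page.
        resp.getWriter().println("user=" + session.getAttribute("user")
                + " idFromCookie=" + req.isRequestedSessionIdFromCookie()
                + " idFromUrl=" + req.isRequestedSessionIdFromURL());
    }

    // POST: action=login creates a session, any other action only logs out.
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        HttpSession old = req.getSession(false);
        if (old != null) {
            old.invalidate();      // the old JSESSIONID is destroyed here
        }
        if ("login".equals(req.getParameter("action"))) {
            // Assumption: credentials were already verified before this point.
            HttpSession fresh = req.getSession(true);  // container issues a new JSESSIONID
            fresh.setAttribute("user", req.getParameter("username"));
        }
        // encodeRedirectURL appends ;jsessionid=... only when the client does not
        // return cookies, which is the URL-rewriting fallback described above.
        resp.sendRedirect(resp.encodeRedirectURL(req.getContextPath() + "/session-demo"));
    }
}
```

Requesting /session-demo before any login returns the "no session" line and sets no cookie, because getSession(false) never creates a session.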